Skip to content

HakonHarnes/wasm-obf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

183 Commits
analysis
analysis
 
 
dataset
dataset
 
 
detection
detection
 
 
metrics
metrics
 
 
miner
miner
 
 
mongodb
mongodb
 
 
obfuscation
obfuscation
 
 
optimization
optimization
 
 
verify-hashes
verify-hashes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

wasm-obf: WebAssembly obfuscation

This repository contains the source code and experimental data derived from research on WebAssembly obfuscation. It has been developed as a part of my Master's thesis in Computer Science at the Norwegian University of Science and Technology (NTNU). The thesis can be found here and the paper can be found here. The experimental data, containing close to 50,000 WebAssembly binaries, can be found under the releases.

Structure

  • Analysis contains the data and code to create the plots used in the thesis.
  • Dataset contains the source code and build files for the applications in the dataset.
  • Detection contains the source code of the cryptomining detection methods.
  • Metrics contains code for measuring the file size, hash rate, and similarity between WebAssembly binaries.
  • Miner contains code for the web-based cryptominer.
  • Mongodb contains code relating to the mongodb database.
  • Obfuscation contains code for obfuscating the WebAssembly binaries.
  • Optimization contains code for optimizing the WebAssembly binaries.
  • Verify hashes contains code for verifying the hashes of the cryptomining WebAssembly binaries.

Requirements

  • Python 3
  • Docker

Setup

Some of the docker containers require specific networks to be setup. Specifically, a database, miner, and WASim network will need to be created:

docker network create db_network
docker network create mn_network
docker network create wasim_network

Usage

Starting the database

cd mongodb
docker compose run mongodb

The database must run before running the experiments.

Building the dataset

cd dataset
docker compose run build-dataset

This will build the applications in the dataset folder using Emscripten and move the WebAssembly binaries, as well as the accompanying JavaScript glue code and HTML file to the binaries folder.

Obfuscating the WebAssembly binaries

cd obfuscation
docker compose run <method>

where <method> is either tigress, llvm, or wasm-mutate.

Running cryptomining detection

cd detection
docker compose run <method>

where <method> is either minos, miner-ray, virustotal, or wasim.

Measuring file size and distance

cd metrics
docker compose run file-size
docker compose run dtw

Measure the hash rate

First, start the miner:

cd miner
docker compose up

Then, navigate back to metrics and run:

cd ../metrics
docker compose run hash-rate

Verifying the hashes

cd verify-hashes
docker compose run verify-hashes

Extracting V8 bytecode

cd optimization
docker compose run v8-stats

This will create a .v8 file in the binaries folder with the extracted V8 data.

Optimizing the WebAssembly binaries

cd optimization
docker compose run opt

The database will then need to be reset before re-running the experiment with the optimized WebAssembly binaries.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

8 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 1

WebAssembly binaries and analysis data Latest
May 31, 2023

Packages

No packages published

Languages